sethvargo/vault-secrets-gen

Error writing secrets plugin

sosoriov opened this issue · 7 comments

I'm trying to use your plugin but I'm getting an error when I try to write the secrets. The plugin is installed and I can enable it in any path.

Error writing data to newgen/password: Error making API request.

URL: PUT https://xxxxx:8200/v1/newgen/password
Code: 500. Errors:

* 1 error occurred:
        * internal error

This is the log message:

[ERROR] core: failed to run existence check: error="plugin exited before we could connect"
[DEBUG] secrets.secrets-gen.secrets-gen_7528b0ff.secrets-gen: plugin process exited: path=/etc/vault/plugins/vault-secrets-gen pid=25955
[ERROR] secrets.secrets-gen.secrets-gen_7528b0ff.secrets-gen.vault-secrets-gen: plugin tls init: error="error during token unwrap request: secret is nil" timestamp=2

My config:

listener "tcp" {
    address = "10.18.16.12:8200"
    cluster_address = "10.18.16.12:8201"
    tls_cert_file = "/etc/vault/certs/xxx.crt"
    tls_key_file = "/etc/vault/certs/xxx.key"
}

storage "consul" {
    address = "127.0.0.1:8501"
    path = "vault/"
    scheme = "https"
    tls_ca_file = "/etc/vault/certs/consul-agent-ca.pem"
    tls_cert_file = "/etc/vault/certs/dc1-client-consul-0.pem"
    tls_key_file = "/etc/vault/certs/dc1-client-consul-0-key.pem"
}

plugin_directory = "/etc/vault/plugins"
api_addr = "https://xxx:8200"
cluster_addr = "https://xxx:8201"
disable_mlock = true
ui = true

Looks similar to this issue. Can you make sure you're running the latest Vault and latest version of this plugin and try the steps in that issue?

Hi @sethvargo, thanks for your answer.

I tried the solution available in the post that you mentioned, but it still does not work.

I'm using Vault v1.1.3 and vault-secrets-gen_0.0.2_linux_amd64.zip on CentOS 7.

Can you try 0.0.3?

Hi @sethvargo,

My 2 cents here:

I tried version 0.0.3 with Vault 1.2.3 for a POC and faced exactly the same issue. There was a message in the logs following the internal error message, saying that this might be a protocol communication error. So then I downgraded to Vault 1.1.3, and then it worked without issues.

I'm very interested in using that plugin. Reproducing that error shouldn't be complicated, but I can provide more logs if needed.

Cheers

Try 0.0.4. Each time Vault changes their API, we have to update our dependencies and re-publish.

Thanks for your quick answer! I will try now and let you know.

Works perfectly now with Vault 1.2.2 and release 0.0.4. Thanks!